The current list of services that form Google Distributed Cloud air-gapped ("GDC air-gapped") (formerly known as Google Distributed Cloud Hosted) is shown below. While Google offers many other services and APIs, only the services and software described in this Services Summary are covered by the agreement under which Google has agreed to provide Google Distributed Cloud Hosted and related support offerings. Note that some of the Services and Software below may share their names with offerings listed in the Google Cloud Platform Services Summary (available at https://cloud.google.com/services), but they are separate offerings and are not part of Google Cloud Platform.
Google Kubernetes Engine (GKE) on GDC air-gapped Cluster Service: Provides a managed environment for deploying, managing, and scaling containerized applications. The GKE environment consists of multiple machines grouped together to form a cluster, and GKE gives you the ability to provision and manage these Kubernetes clusters.
Identity and Access Management (IAM): Manages access to sensitive resources to help keep them secure from unauthorized use and to meet certain compliance requirements. GDC air-gapped’s authorization model manages access control policies and defines permissions, roles, and role bindings.
Key Management: GDC air-gapped comes with off-the-shelf hardware security modules (HSM) to manage encryption keys and secrets.
Networking:
Load-balancing: Provides the ability to expose workloads through load-balancers, both internally to other workloads on GDC air-gapped, and externally to systems outside of GDC air-gapped.
Network security policies: Controls ingress and egress network flows as well as communication between your workloads.
Network Address Translation (NAT): Allows workloads that live in your private network to access resources outside of GDC air-gapped.
Private networking: Provides networks that are private to GDC air-gapped where your workloads can run.
Observability service: Workloads running on GDC air-gapped can send their logs and monitoring data to GDC air-gapped’s observability service. You can then use this Service to view, query, and export those logs and metrics, and to configure notifications to be alerted when needed.
Organizations and Projects: Each GDC air-gapped instance has one or more organizations, which have their own organization-specific identity, billing, and security policies. Organizations are completely isolated because they do not share physical compute hardware. Each organization has one or more projects. Projects provide team-level isolation, allowing different policy applications, basic isolation, and security.
Organization Policies: Organization policies are optional security policies that the organization administrator can choose to enforce. They can be applied to the whole organization or to specific projects, and provide guardrails in which developers can work. For example, organization policies can be used to help enforce specific compliance regimes.
Storage:
Block Storage: GDC air-gapped provides block storage, bootstraps and manages the hardware systems, and provides service-level integrations for containerized and virtual machine workloads.
Object Storage: GDC air-gapped provides object storage, bootstraps the storage hardware, and manages tenants, users, and storage buckets.
VM Service for VM-Native Workloads: Users can create and manage virtual machines (VMs) in order to deploy, migrate, run and operate enterprise VM applications in a disconnected or air-gapped mode.
OCR API: Managed service to detect and extract text from images based on machine learning models for specific scripts, including English and other languages.
Speech-to-Text API: Managed service that converts speech into text for specific languages using an API powered by Google’s AI technologies. Supports speech conversion for English and other languages.
Translation API: Managed service that instantly translates text between several languages based on machine learning models. The API supports translation between English and other languages.
Vertex AI Workbench, a feature of Vertex AI Platform: Managed notebook service designed for prototyping and developing AI/ML workloads for data scientists and ML engineers.
Database Service for GDC air-gapped:
Storage Transfer Service: Provides data transfers within, across, and out of GDC air-gapped regions. These transfers are performed over the applicable network and support the portability of Customer Data (or, where this Services Summary applies between Google and a Partner, “Partner Data”).
Marketplace: Allows you to easily install optional services provided by Google or third parties. Marketplace services are vetted by Google, and go through security scans and analyses. New marketplace services may be added in new versions of GDC air-gapped. Marketplace services may be subject to additional cost. Neither the Marketplace nor any offerings available via the Marketplace are “Services,” “Software,” or “Products” as defined in the agreement under which you purchase GDC air-gapped. Information about third-party marketplace offerings is available on the Marketplace. Google Marketplace services include the following:
Dataproc Container for Spark: The Dataproc container for Spark gives you the ability to run big data open source Spark batch workloads at scale on a Kubernetes environment for ETL, Analytics, Machine Learning and Data Science. Analyze your structured and unstructured data using Spark.
GDC air-gapped offers an intrusion detection and prevention solution as a service. It provides advanced threat detection, including detection of exploit attempts, malware, evasion techniques, port scans, buffer overflows, and protocol fragmentation and obfuscation attempts, as well as DoS protection, vulnerability protection and more.
Workload Backup Service: The Backup Service lets you back up and restore your workloads deployed in VMs or Kubernetes containers to local or remote storage solutions for disaster recovery, CI/CD pipelines, or upgrade scenarios. You can schedule your backups to run automatically, to help you respond quickly and recover your workloads in the event of an incident.